su authentication failure without password prompt

fbmd · 01-11-2011, 08:01 AM

Hi,

I have a strange behaviour on a Slackware 13.1 box:

Code:

user@host$ su
su: Authentication failure
user@host$

Note that there is no password prompt.

When I 'strace su' there is a password prompt, but using su over strace results in an authentication failure anyway.

Using su as root works fine:

Code:

root@host# su user
user@host$

Normal logins and ssh work fine, too.

I am a little lost at where to start. Any ideas would be greatly appreciated.

Regards,
fbmd

arunpmenon · 01-11-2011, 08:20 AM

Please confirm setuid bit is set for the command su.

fbmd · 01-11-2011, 09:15 AM

Quote:

Originally Posted by arunpmenon

Please confirm setuid bit is set for the command su.

Code:

root@host# ls -l /bin/su
-rws--x--x 1 root root 56229 2010-02-28 20:16 /bin/su

Confirmed.

honeybadger · 01-11-2011, 11:42 AM

What about /etc/login.defs and related files? Any changes made to them?
Another thought - check aliases - I messed things sometimes there

.

Reuti · 01-12-2011, 05:18 AM

Another place to have a look at could be /etc/pam.d/su whether there is anything used like pam_wheel.so while the user in question not being a member of group wheel. In your first example you are trying to gain root access - is an su for a normal user working in case he wants just to switch to another ordinary user?

fbmd · 01-13-2011, 06:53 AM

Quote:

Originally Posted by SilverBack

What about /etc/login.defs and related files? Any changes made to them?

No changes made. Active settings in /etc/login.defs:

Code:

CHFN_AUTH		yes
CHFN_RESTRICT		frwh
CONSOLE		/etc/securetty
CONSOLE_GROUPS		floppy:audio:cdrom:video
DEFAULT_HOME	yes
ENVIRON_FILE	/etc/environment
ENV_HZ		HZ=100
ENV_PATH	PATH=/usr/local/bin:/bin:/usr/bin
ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
ERASECHAR	0177
FAILLOG_ENAB		yes
FAIL_DELAY		3
FTMP_FILE	/var/log/btmp
GID_MAX			60000
GID_MIN			  100
HUSHLOGIN_FILE	.hushlogin
KILLCHAR	025
LASTLOG_ENAB		yes
LOGIN_RETRIES		5
LOGIN_TIMEOUT		60
LOG_OK_LOGINS		no
LOG_UNKFAIL_ENAB	no
MAIL_CHECK_ENAB		yes
MAIL_DIR	/var/spool/mail
MD5_CRYPT_ENAB	yes
MOTD_FILE	/etc/motd
NOLOGINS_FILE	/etc/nologin
OBSCURE_CHECKS_ENAB	yes
PASS_ALWAYS_WARN	yes
PASS_CHANGE_TRIES	5
PASS_MAX_DAYS	99999
PASS_MIN_DAYS	0
PASS_MIN_LEN	5
PASS_WARN_AGE	7
PORTTIME_CHECKS_ENAB	yes
QUOTAS_ENAB		yes
SU_NAME		su
SU_WHEEL_ONLY	no
SYSLOG_SG_ENAB		yes
SYSLOG_SU_ENAB		yes
TTYGROUP	tty
TTYPERM		0620
UID_MAX			60000
UID_MIN			 1000
UMASK		022
USERGROUPS_ENAB yes

The user in question has UID 1000. GID of "users" is 100.

Quote:

Originally Posted by Reuti

Another place to have a look at could be /etc/pam.d/su whether there is anything used like pam_wheel.so while the user in question not being a member of group wheel.

The system is not using pam, i.e. there is no /etc/pam.d.

Quote:

Originally Posted by Reuti

In your first example you are trying to gain root access - is an su for a normal user working in case he wants just to switch to another ordinary user?

No, it's the same: authentication failure whithot a password prompt.

I have just tried the following: I added the user to the "wheel" group. Then I changed ownership of /bin/su to root.wheel. That obviously removed the SUID bit:

Code:

$ ls -l /bin/su
-rwx--x--x 1 root wheel 56229 2010-02-28 20:16 /bin/su

But running su now at least gives a password prompt, but still fails, no matter what the password:

Code:

user@host$ su
Password: 
su: Authentication failure
user@host$

The same when trying to change to another user.

I'd still be grateful for any other hints.

fbmd

daidoji · 08-05-2012, 09:52 PM

Cause I'm having the same problem and I haven't quite figured it out myself either.

honeybadger · 08-14-2012, 01:05 PM

Guess this is all that we can do here. What I think we should do next is boot up with a live medium and then edit the /etc/passwd and /etc/shadow and see if that helps. This is the only thing I can think of now really.
If you need any more info please post back.
BTW sorry for the delay I was out for a long long time and did not have access to the internet.
Hope this helps.

daidoji · 08-14-2012, 11:49 PM

Hmmm, unfortunately I am on a VPS and cannot perform that step :-( I'm actually trying to update (or downgrade) my udev libraries to see if its something related to that as it was hinted at in an Ubuntu post I have lost at the moment. If you can think of anything else please let me know!

Reuti · 08-15-2012, 05:18 AM

Are you using PAM? As there is the option to block users without a password, and you would get exactly the mentioned behavior of the first post:

Code:

auth    required        pam_unix2.so nullok

without nullok and empty password.

daidoji · 08-16-2012, 12:35 AM

I am not using PAM. I'm trying to su to a user with a password (ie my root account). I know it has a password because I can login with it.

Sir_mba · 11-01-2012, 07:40 PM

You probably have not set your root password yet.
Set your password by:

sudo passwd

Then, you won't have that problem again.

daidoji · 11-01-2012, 08:46 PM

Sir_MBA. Please read the thread above.

Sir_mba · 11-01-2012, 10:57 PM

I know, the thing that I mean is not your login password.
You just try 'sudo passwd', and set a password, and then 'su' again.

Wim Sturkenboom · 11-06-2012, 01:10 PM

Quote:

Originally Posted by Sir_mba

I know, the thing that I mean is not your login password.
You just try 'sudo passwd', and set a password, and then 'su' again.

So which password are you referring to?